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Description 

BACKGROUND OF THE INVENTION 
Field of the Invention 

[0001] The present invention relates to a system 
which can verify the reliability and validity of meta infor- 
mation about various contents and, more particularly, to 
a system which verifies the reliability and validity of meta 
information and can control any alteration of program 
contents on the basis of the verification result and meta 
information. 

Related Background Art 

[0002] Along with the recent trends toward digitiza- 
tion, digitization has been progressing in various fields. 
In the field of broadcasting as well, digitization has pro- 
gressed, and digital broadcasting has been partly real- 
ized. In digital broadcasting, not only a broadcast pro- 
gram but also meta information describing the contents 
of the program and the like can be transmitted. New 
services have therefore been proposed, e.g., scene re- 
trieval and digest viewing, by letting a receiver having a 
large-capacity storage function (to be referred to as a 
storage hereinafter) automatically store broadcast pro- 
grams by using such meta information. 
[0003] In addition, along with the recenttrends in hard 
disks toward larger capacity, hard disk recorders for re- 
cording digital broadcast contents have already been 
commercialized. As described above, the environment 
for the realization of such services has improved. Fur- 
thermore, in digital broadcasting, demands have arisen 
for measures for protecting broadcast programs against 
unauthorized duplication of programs. 
[0004] Note that a receiver having a large capacity 
storage function is also expected to have a function as 
a home server, e.g., the function of connecting to the 
Internet and other information household electrical ap- 
pliances, and hence is called a "server type receiver". 
Broadcasts for such server type receivers will be re- 
ferred to as "server type broadcasts". 
[0005] Conventionally, as a pay broadcasting system, 
the conditional access system applied to television 
broadcasting and high-definition television broadcast- 
ing (to be referred to as Hi-Vision broadcasting herein- 
after) has been widely studied. Video signals and audio 
signals to be generally broadcast in the pay broadcast- 
ing system are scrambled by some method to prevent 
unauthorized persons from receiving the signals, 
whereas signals for de-scrambling the scrambled sig- 
nals are sent to authorized persons, thus controlling re- 
ception. 

[0006] Information to be sent as a signal for controlling 
this reception is called related information, which is con- 
stituted by information about a key (scramble key Ks) 
for de-scrambling a scrambled signal, information for 



determining whether a broadcast program falls within 
the contract range of the recipient, information by which 
the broadcasting station forcibly turns on/off a specific 
receiver, and the like. 

5 [0007] When pay television broadcasts or pay Hi-Vi- 
sion broadcasts are to be provided by satellite broad- 
casting, related information is transmitted in the form of 
packets through data channels. In this case, scramble 
keys and information related to broadcast programs 

10 (called program contents) are enciphered to prevent a 
third party from knowing or tampering with the informa- 
tion. 

[0008] A scramble key or a key for enciphering pro- 
gram contents is called a work key Kw and is sent to 

15 each recipient, together with agreement information in- 
dicating the contents of the contract made by the recip- 
ient. These pieces of information are called individual 
information and sent via broadcasting radio waves, a 
physical medium such as an IC card or magnetic card, 

20 a telephone line, and the like. When individual informa- 
tion needs to be enciphered, a maser key Km is used. 
Master keys Km basically differ depending on recipi- 
ents. 

[0009] Fig. 8 shows an arrangement for a scrambling 
25 scheme. Referring to Fig. 8, a broadcast-station-side 
apparatus includes a scramble unit 801, multiplexing 
unit 802, scramble key (Ks) 803, work key (Kw) 804, 
agreement information 805, enciphering units 806 and 
807, and master key (Km) 808. 
30 [001 0] A reception-side apparatus includes a separa- 
tion unit 809, de-scrambling unit 81 0, decoding units 811 
and 812, view decision unit 813, agreement information 
814, and master key (Km) 815. In server type broad- 
casting, those who provide meta information are not lim- 
35 ited to broadcast providers, and it is expected that meta 
information is distributed from various providers and us- 
ers via communication media such as the Internet. 
[0011] In addition, meta information is assumed to be 
meta information having various functions, in addition to 
40 simple meta information such as the title of a program, 
for example, meta information that changes the con- 
struction of a program such as meta information that 
generates a digest of a program. 
[0012] Meta information that changes the construc- 
ts tion of a program is used to alterthe program, and hence 
consideration must be given to copyright. 
[0013] Conventionally, however, no consideration has 
been given to the mechanism of verifying the reliability 
and validity of a provider who distributes meta informa- 
50 tion and those of the meta information. 

SUMMARY OF THE INVENTION 

[0014] It is the first object of an embodiment of the 
55 present invention to verify the reliability and validity of 
meta information corresponding to program contents. 
[0015] It is the second object to provide a system 
which can control playback and editing of program con- 



2 



3 



EP1 309 198 A2 



4 



tents in accordance with the reliability and validity of me- 
ta information. 

[0016] Other features and advantages of the present 
invention will be apparent from the following description 
taken in conjunction with the accompanying drawings, 
in which like reference characters designate the same 
or similar parts throughout the figures thereof. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0017] The accompanying drawings, which are incor- 
porated in and constitute a part of the specification, il- 
lustrate embodiments of the invention and, togetherwith 
the description, serve to explain the principles of the in- 
vention. 

Fig. 1 is a view showing an outline of a system ac- 
cording to the present invention; 
Fig. 2 is a block diagram showing the arrangement 
of a system according to the present invention; 
Fig. 3 is a block diagram showing the arrangement 
of a system according to the present invention; 
Fig. 4 is a block diagram showing the structure of 
certification authorities according to the present in- 
vention; 

Fig. 5 is a block diagram showing the arrangement 
of a system according to the present invention; 
Fig. 6 is a block diagram showing the arrangement 
of a system according to the present invention; 
Fig. 7 is a view showing an example of class infor- 
mation corresponding to the reliability of meta infor- 
mation according to the present invention; 
Fig. 8 is a block diagram showing an example of the 
arrangement of a conventional system for realizing 
conditional access broadcasting; and 
Fig. 9 is a block diagram showing the arrangement 
of a system according to the present invention. 

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

[0018] A digital contents processing apparatus, digital 
contents processing system, digital broadcasting sys- 
tem, digital contents processing method, computer- 
readable storage medium, and computer program ac- 
cording to the embodiments of the present invention will 
be described next with reference to the accompanying 
drawings. 

[0019] Fig. 1 shows an example of the arrangement 
of a system according to the first embodiment of the 
present invention. The first embodiment is comprised of 
a single or a plurality of administrators, a single or a plu- 
rality of broadcast providers, and a single or a plurality 
of meta information providers. They are mutually con- 
nected via various communication media. 
[0020] An administrator 11 administrates the overall 
operation of a system. For example, the administrator 
11 administrates the issue of keys used in the system. 



[0021] A broadcast provider 12 is an entity that pro- 
vides program contents by broadcasting, and generally 
corresponds to a broadcasting station. Obviously, how- 
ever, that this embodiment is not limited to video broad- 

5 casting and can be applied to music broadcasting such 
as radio broadcasting and can also be applied to broad- 
casting of general contents such as data broadcasting. 
In this embodiment, such broadcast contents will be ge- 
nerically termed program contents. 

10 [0022] A meta information provider 13 is an entity for 
providing meta information corresponding to program 
contents. 

[0023] In server type broadcasting, program contents 
are held in a storage medium, and meta information is 
15 also held. The server type receiver of a recipient 1 4 has 
the function of connecting to a network 15. The server 
type receiver receives program contents and meta in- 
formation via communication satellites 16 and 17 and 
the like. Note that the server type receiver may receive 
20 meta information independently of program contents. 
[0024] With this operation, entities other than the 
broadcast provider 12 can provide meta information. 
The recipient 14 is an entity that receives program con- 
tents, plays back program contents, and edits program 
25 contents on the basis of meta information. 

[0025] A case wherein the broadcast provider 12 and 
other entities communicate with each other by using a 
communication medium called radio broadcasting will 
be described below. Note that they can communicate 
30 with each other via another communication medium 
such as an optical fiber. The recipient 14 and meta in- 
formation provider 13 can also communicate with each 
other via various two-way communication media such 
as a telephone network, portable telephone network, 
35 and cable television network as well as the one-way 
communication medium, i.e., radio broadcasting via the 
broadcast provider 12. Note that the broadcast provider 
1 2 may accommodate the meta information provider 1 3 
and administrator 11 . 
40 [0026] Fig. 2 shows an example of each of the ar- 
rangements of the meta information provider 13 and re- 
cipient 14. As shown in Fig. 2, the meta information pro- 
vider 13 is connected to the recipient 14 via a commu- 
nication medium. The meta information provider 13 
45 holds a first key 131 distributed from the administrator 
11. The meta information provider 13 has an encipher- 
ing unit 132. 

[0027] The enciphering unit 1 32 enciphers meta infor- 
mation with the first key 131 and outputs the enciphered 
50 meta information. An enciphering algorithm to be used 
for this enciphering operation is not specified. 
[0028] The recipient 14 holds a plurality of keys 14a, 
14b, and 14c distributed from the administrator 11 and 
a key reliability list 141 . The plurality of keys 14a to 14c 
55 include the key distributed from the administrator 11 to 
the meta information provider 13. 
[0029] The key reliability list 1 41 is data indicating the 
reliability of each of the keys 14a to 14c which is deter- 
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mined by the administrator 11. For example, the relia- 
bility of a key is determined on the basis of the reliability 
of the meta information provider 13 holding the key. If, 
for example, the meta information provider 13 differs 
from the broadcast provider 12, as shown in Fig. 2, the 
reliability is low. In contrast, if the meta information pro- 
vider 1 3 is accommodated in the broadcast provider 1 2, 
high reliability information is determined. The recipient 
14 also has a decoding unit 142, key selection unit 143, 
and verification unit 144. 

[0030] The decoding unit 142 decodes enciphered 
meta information by using the key information output 
from the key selection unit 1 43. The decoding algorithm 
to be used corresponds to the enciphering algorithm 
used by the enciphering unit 1 32 of the meta information 
provider 1 3. The key information output from the key se- 
lection unit 143 corresponds to the key used by the en- 
ciphering unit 132 to encipher the meta information. 
[0031 ] The key selection unit 1 43 selects the key used 
by the decoding unit 142 from the plurality of keys 14a 
to 14c. For example, one of thefollowing selection meth- 
ods may be used: a method of sequentially selecting all 
the keys 1 4a to 1 4c and a method of selecting a key on 
the basis of the key identification information added to 
the header portion of the enciphered meta information 
input to the decoding unit 142. 

[0032] In this embodiment, enciphered communica- 
tion is realized by making the meta information provider 
13 and recipient 14 share a key. In addition, since meta 
information is not binary data and has some format, the 
validity of meta information can be verified by checking 
whether the information decoded by the decoding unit 
142 conforms to a specific format. 
[0033] The verification unit 144 outputs reliability in- 
formation on the basis of the decoding result obtained 
by the decoding unit 142, the key used for decoding, 
and the key reliability list 141 . Assume that the key se- 
lection unit 143 selected the key 14a, and the decoding 
unit 1 42 could decode the enciphered meta information 
by using the key 14a. In this case, the verification unit 
144 outputs reliability information by referring to the re- 
liability of the key 14a from the key reliability list 141 . 
[0034] If the validity of the meta information can be 
confirmed in the above manner, reliability corresponding 
to the key used for decoding can be checked by referring 
to the key reliability list 141 . This makes it possible to 
determinethe reliability of the meta information provider 
13 holding the key and the reliability of the meta infor- 
mation. 

[0035] If the validity of the meta information cannot be 
checked, the reliability of the meta information may be 
determined to be the lowest. If, for example, the key re- 
liability list 141 indicates the reliability of the meta infor- 
mation provider 13 holding the key, the reliability infor- 
mation of the meta information coincides with the relia- 
bility of the meta information provider 13 which gener- 
ated the meta information. 

[0036] Fig. 3 shows an arrangement in which this em- 



bodiment is applied to conditional access broadcasting. 
The arrangement shown in Fig. 3 is comprised of a 
broadcast provider 120, meta information provider 130, 
and recipient 1 40. The broadcast provider 1 20 provides 

5 conditional access broadcasts for the recipient 140. 
[0037] Program contents provided by conditional ac- 
cess broadcasting are scrambled by some method to 
prevent an unauthorized recipient 1 40 from playing back 
the program contents. The authorized recipient 140 can 

10 play back the scrambled program contents by sending 
a signal for de-scrambling them. 
[0038] Referring to Fig. 3, the broadcast provider 120 
holds a first key 128 distributed from the administrator 
11 and is comprised of a scramble unit 121 , multiplexing 

15 unit 124, first enciphering unit 123, and second enci- 
phering unit 127. 

[0039] The scramble unit 121 scrambles program 
contents by using a scramble key Ks 122. The first en- 
ciphering unit 123 enciphers the scramble key Ks 122 

20 by using a work key Kw 1 25. 

[0040] The second enciphering unit 1 27 enciphers the 
work key Kw 125 and agreement information 126 by us- 
ing the first key 1 28. The multiplexing unit 1 24 multiplex- 
es the enciphered program contents output from the 

25 scramble unit 1 21 , the enciphered scramble key Ks 1 22 
output from the first enciphering unit 1 23, and the enci- 
phered information output from the second enciphering 
unit 127. Note, however, that the enciphered work key 
Kw 125 and enciphered agreement information 126 out- 

30 put from the second enciphering unit 127 need not be 
multiplexed. 

[0041] Multiplexing the information output from the 
first enciphering unit 123 and second enciphering unit 
127 can reduce the work key Kw 125, agreement infor- 
ms mation 126, and the like required for control on permis- 
sion/inhibition of playback in data amount while allowing 
control on permission/inhibition of program contents. 
[0042] Referring to Fig. 3, the meta information pro- 
vider 130 holds a second key 133 distributed from the 
40 administrator 11 and has a third enciphering unit 135. 
The third enciphering unit 135 enciphers meta informa- 
tion 134 generated by the meta information provider 130 
with the second key 133 and outputs the enciphered me- 
ta information to a network 160. 
45 [0043] Referring to Fig. 3, the recipient 140 holds a 
plurality of keys 150n and key reliability list 148 distrib- 
uted from the administrator 11 and is comprised of a 
separation unit 141 , de-scrambling unit 143, first decod- 
ing unit 142, second decoding unit 144 : key selection 
50 unit 146, verification unit 147, view decision unit 145, 
and view control unit 1 49. 

[0044] The separation unit 141 separates the multi- 
plexed information received from the broadcast provider 
120. The separated enciphered program contents, en- 
55 ciphered scramble key Ks, and enciphered information 
are output to the de-scrambling unit 143, first decoding 
unit 141, and second decoding unit 144, respectively. 
[0045] The key selection unit 146 selects a key used 
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for decoding from the plurality of keys 150n. The second 
decoding unit 144 decodes the work key Kw 125 and 
agreement information 1 26 by using the key output from 
the key selection unit 146. The second decoding unit 
144 decodes the enciphered meta information output 
from the third enciphering unit 135 via the network 160 
by using the key output from the key selection unit 1 46. 
The first decoding unit 142 decodes the enciphered 
scramble key Ks by using the work key Kw 125 input 
from the second decoding unit 144. 
[0046] Theviewdecision unit 145 acquires the scram- 
ble Ks from the first decoding unit 142 in accordance 
with the agreement information 126 input from the sec- 
ond decoding unit 144, and inputs the key to the de- 
scrambling unit 143. 

[0047] The de-scrambling unit 143 de-scrambles the 
enciphered program contents input from the separation 
unit 141 by using the scramble key Ks input from the 
view decision unit 145. If the key selection unit 146 is 
inhibited from selecting a specific key of the plurality of 
keys, the program contents enciphered by the scramble 
key Ks enciphered by the corresponding work key Kw 
cannot be reconstructed. If the key selection unit 146 is 
designed to select only a specific key of the plurality of 
keys, only the program contents enciphered by the 
scramble Ks enciphered by the corresponding work key 
Kwcan be reconstructed. That is, by controlling the keys 
to be selected by the key selection unit 1 46, the recipient 
1 40 is allowed to play back program contents only for a 
specific period of time. 

[0048] The verification unit 147 outputs the reliability 
information of the meta information on the basis of the 
key 150n used for decoding and the key reliability list 
148. 

[0049] The view control unit 149 inputs the meta in- 
formation and the reliability information of the meta in- 
formation, and controls permission/inhibition of editing 
of program contents based on the meta information. The 
view control unit 149 controls such that if meta informa- 
tion has high reliability, editing of the program contents 
is permitted, whereas if meta information has low relia- 
bility, editing of the program contents is inhibited. 
[0050] Fig. 9 shows the arrangement of the recipient 
1 40 in a case wherein editing of program contents based 
on meta information is controlled in accordance with the 
reliability of meta information. 

[0051 ] The recipient 1 40 in Fig. 9 includes an edit con- 
trol unit 1 71 and edit unit 1 70 in addition to the arrange- 
ment shown in Fig. 3. 

[0052] The edit control unit 171 controls permission/ 
inhibition of editing of program contents by the edit unit 
170 in accordance with meta information and reliability 
information. 

[0053] The edit control unit 171 may control the de- 
gree of editing of program contents by the edit unit 1 70 
in accordance with meta information and reliability infor- 
mation. If, for example, the reliability of meta information 
is high, the edit unit 170 is allowed to edit the program 



contents to a high degree. If the reliability of meta infor- 
mation is low, the edit unit 1 70 is allowed to edit the pro- 
gram contents only to a low degree. Editing to a high 
degree is editing that changes the construction of pro- 

5 gram contents, e.g., the plot, including editing for creat- 
ing a collection of clips of a specific actor by cutting his 
scenes from a plurality of program contents. Editing to 
a low degree is editing that maintains the construction 
of program contents, including editing for creating di- 

10 gests of program contents and adding titles to the heads 
of program contents. Note that various editing specifi- 
cations are conceivable, and the present invention is not 
limited to any specific editing. 

[0054] In addition, if pieces of meta information are 
15 prepared for one program content, the order of priority 
in which the pieces of meta information are used to pro- 
duce effects on the program content may be determined 
by using the reliability. 



[0055] The second embodiment of the present inven- 
tion will be described below. A system using public-key 
cryptography using different keys for enciphering and 

25 decoding is often used in a public-key infrastructure 
(PKI) using a certification authority (CA), a certificate, 
and a certificate revocation list (CRL). 
[0056] The validity of the public key of a user which is 
generated by the certification authority CA is guaran- 

30 teed by using both a certificate for the public key and 
the public key. In addition, in the process of verifying a 
certificate, whetherthe certificate has been revoked can 
be checked by referring to the certificate revocation list 
CRL. 

35 [0057] As indicated by Fig. 4 which is a view for ex- 
plaining the structure, certification authorities CA can be 
hierarchically arranged such that a lower-level certifica- 
tion authority CA1 is certified by an upper-level certifi- 
cation authority CA. This is called signature chaining of 

40 administrators. 

[0058] In some general certificate issuing services, 
the class of a certificate is defined in accordance with 
the strictness of identification in issuing the certificate. 
In this embodiment, however, with regard to the classes 

45 of certificates, a plurality of classes are defined in ac- 
cordance with the reliability of meta information instead 
of the strictness of identification in issuing certificates. 
[0059] For example, as shown in Fig. 7, the respective 
classes of certificates are defined with respect to various 

50 view control operations, e.g., "class in that view control 
of program contents is fully allowed", "class in that view 
of program contents is restricted", and "class in thatview 
of program contents digest is allowed". The certificate 
revocation list CRL is used to exclude an information 

55 provider who has distributed unauthorized meta infor- 
mation or exclude an unauthorized meta information 
class. 

[0060] An example of the system arrangement ac- 
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cording to the second embodiment is the same as that 
of the first embodiment except that an administrator has 
the function of the certification authority CA. Fig. 5 
shows an example of the basic arrangement of the sec- 
ond embodiment. The basic arrangement of the second 
embodiment is constituted by a meta information pro- 
vider 51 0 and recipient 520, as shown in Fig. 5. 
[0061] The meta information provider 510 generates 
a public key and private key in public-key cryptography, 
obtains a certificate for the public key from an adminis- 
trator 530, and holds them. The meta information pro- 
vider 51 0 is constituted by a first key management unit 
512 and digital signature unit 511 . 
[0062] The first key management unit 512 holds and 
manages the private key and certificate. The first key 
management unit 51 2 also outputs the private key to the 
digital signature unit 51 1 , as needed. The digital signa- 
ture unit 511 generates a digital signature on the meta 
information by using the private key input from the first 
key management unit 512. 

[0063] The recipient 520 obtains a certificate for the 
meta information provider 510 or the like from the ad- 
ministrator 530 and holds it. The recipient 520 also man- 
agements the certificate revocation list CRL obtained 
from the administrator 530. In addition, the recipient 520 
is comprised of a digital signature verification unit 521 , 
second key management unit 522, and verification unit 
523. 

[0064] The second key management unit 522 obtains 
and manages certificates for the meta information pro- 
vider 51 0 and the like. Management methods include a 
method of managing certificates by registering certifi- 
cates obtained from the administrator 530 in advance 
and a method of managing certificates by obtaining cer- 
tificates from the administrator 530 as needed. The sec- 
ond key management unit 522 also manages the certif- 
icate revocation list CRL obtained from the administrator 
530. In addition, the second key management unit 522 
outputs certificates, as needed. 

[0065] The digital signature verification unit 521 veri- 
fies the digital signature on meta information by using 
the certificate input from the second key management 
unit 522. The verification unit 523 obtains reliability in- 
formation from the verification result obtained by the dig- 
ital signature verification unit 521 and the certificate 
used for verification. The reliability information is deter- 
mined by the class of the certificate and signature chain- 
ing with respect to the certificate by the administrator 
530 when the validity of the digital signature can be ver- 
ified. 

[0066] Assume that the signature on meta information 
is made by a broadcast provider, and the class of a cer- 
tificate is the highest. In this case, it is determined that 
the reliability information is ranked highest. Assume that 
the signature on meta information is made by the meta 
information provider 51 0 which is a third party, and the 
class of the certificate is the lowest. In this case, the re- 
liability information is ranked lowest. 



[0067] According to the second embodiment, meta in- 
formation is verified based on the public-key infrastruc- 
ture PKI, and reliability information is obtained from the 
verification result on the digital signature on the meta 
5 information and the certificate used for the verification. 
Unlike in the first embodiment, in the second embodi- 
ment, since verification is based on the public-key infra- 
structure PKI, meta information can be verified without 
holding a plurality of private keys. In addition, the hier- 
10 archical or superiority/inferiority relationship between 
certificates can be easily determined by the levels of the 
certificates or signature chaining of the administrator 
530 with respect to the certificates. 
[0068] Fig. 6 shows an arrangement in which the ba- 
15 sic arrangement shown in Fig. 5 is applied to existing 
conditional access broadcasting. Referring to Fig. 6, a 
broadcast provider 610 is comprised of a scramble unit 
611, multiplexing unit 618, enciphering unit 615, first en- 
ciphering/signature unit 616, and first key management 
20 unit 61 7. The broadcast provider 610, multiplexing unit 
618, and enciphering unit 615 have the same arrange- 
ments as those in the first embodiment. 
[0069] The first enciphering/signature unit 616 re- 
ceives a work key 613 and agreement information 614, 
25 enciphers them by using the key input from the first key 
management unit 617, and generates a digital signa- 
ture. 

[0070] The first key management unit 617 manages 
the private key and certificate of the broadcast provider 
30 610, and also manages the certificate revocation list 
CRL obtained from an administrator 640 : as needed. In 
addition, the first key management unit 617 generates 
a secret key or outputs a private key used for digital sig- 
nature processing, as needed. 
35 [0071] Referring to Fig. 6, a meta information provider 
620, like the basic arrangement, generates a public key 
and private key in public-key cryptography, obtains a 
certificate for the public key from the administrator 640, 
and holds them. The meta information provider 620 is 
40 comprised of a second enciphering/signature unit 622 
and second key management unit 623, and generates 
a digital signature on meta information 621 . 
[0072] The second key management unit 623 holds 
and manages a private key and certificate, and outputs 
45 a private key to the second enciphering/signature unit 
622, as needed. The second enciphering/signature unit 
622 generates a digital signature on the meta informa- 
tion 621 by using the private key input from the second 
key management unit 623. 
50 [0073] Referring to Fig. 6, a recipient 630 is comprised 
of a separation unit 631 , de-scramble unit 638, decoding 
unit 632, view decision unit 636, view control unit 637, 
decoding/verification unit 633, verification unit 635, and 
third key management unit 634. The separation unit 
55 631 , de-scramble unit 638, decoding unit 632, and view 
decision unit 636 have the same arrangements as those 
in the first embodiment. 

[0074] The decoding/verification unit 633 receives en- 
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ciphered information input from the separation unit 631 
or a network 650, decodes the information by using the 
key input from the third key management unit 634, and 
verifies the digital signature. 

[0075] The third key management unit 634 holds and 
manages the certificate of the broadcast provider 610. 
The third key management unit 634 also obtains a new 
certificate and certificate revocation list CRL from the 
administrator 640 and manages them. In addition, the 
third key management unit 634 outputs a public key re- 
quired to verify a digital signature, as needed. These 
certificate management operations realize various key 
management operations, which in turn implements a 
conditional access broadcasting scheme specified for 
server type broadcasting as in the first embodiment. 
[0076] The verification unit 635 checks the meta in- 
formation verification result obtained from the decoding/ 
verification unit 633 . the class of the certificate used by 
the decoding/verification unit 633, and digital signature 
chaining of the administrator with respect to the certifi- 
cate, thereby obtaining reliability information. 
[0077] As described above, according to the second 
embodiment, meta information is verified, and reliability 
information is obtained from the verification result on the 
digital signature on the meta information and the certif- 
icate used for the verification. 

(Other Embodiments) 

[0078] The digital contents processing apparatus ac- 
cording to the embodiments described above is com- 
prised of the CPU or MPU of a computer, a RAM, a 
ROM, and the like, and can be implemented when the 
programs stored in the RAM or ROM operate. 
[0079] This apparatus can therefore be implemented 
by recording, on a recording medium such as a 
CD-ROM, the programs which are operated by the com- 
puter to realize the above functions, and loading the pro- 
grams into the computer. As a recording medium for re- 
cording the above programs, a flexible disk, hard disk, 
magnetic tape, magnetooptical disk, nonvolatile memo- 
ry card, or the like can be used, in addition to a CD-ROM. 
[0080] The above programs are included in the em- 
bodiments of the present invention in a case wherein 
the functions of the above embodiments are realized 
when the computer executes the supplied programs, in 
a case wherein the functions of the above embodiments 
are realized by the programs in cooperation with the OS 
(Operating System), another application software, or 
the like running on the computer, and in case wherein 
the functions of the above embodiments are realized 
when all or part of processing of the supplied programs 
is performed by a function expansion board inserted into 
the computer or a function expansion unit. 
[0081] In addition, in order to use the present inven- 
tion in a network environment, all or some of the pro- 
grams may be executed by other computers. For exam- 
ple, a remote terminal computer is used to perform 



screen input processing, whereas another center com- 
puter or the like may be used to, for example, make var- 
ious decisions and record logs. 



Claims 

1 . A digital contents processing apparatus which proc- 
esses digital contents and meta information related 
10 to editing of the digital contents : comprising: 

reception means for receiving the enciphered 
meta information; 

decoding means for decoding the enciphered 
15 meta information received from said reception 

means by using a key; 

reliability determining means for determining 
reliability of the meta information on the basis 
of the key used by said decoding means; and 
20 control means for controlling editing of the dig- 

ital contents based on the meta information in 
accordance with the reliability determined by 
said reliability determining means. 

25 2. An apparatus according to claim 1 , further compris- 
ing: 

storage means for storing a plurality of keys 
used by said decoding means; and 
30 selecting means for selecting one key from the 

plurality of keys stored in said storage means, 
wherein said decoding means uses the key se- 
lected by said selecting means. 

35 3. An apparatus according to claim 1 , wherein validity 
of the meta information is determined depending on 
whether the meta information decoded by said de- 
coding means has a predetermined format. 

40 4. An apparatus according to claim 1 , further compris- 
ing: 

second reception means for receiving agree- 
ment information concerning a usage condition 
45 for the digital contents; 

determining means for determining permission/ 
inhibition of playback of the digital contents on 
the basis of the agreement information re- 
ceived by said reception means; and 
50 second control means for controlling playback 

of the digital contents in accordance with the 
determination made by said determining 
means. 

55 5. An apparatus according to claim 1 , wherein 

the digital contents are enciphered by a first 
key, and 

said apparatus further comprises: 



20 



25 



50 



7 



13 



EP1 309 198 A2 



14 



second reception means for receiving the enci- 
phered first key; and 

storage means for storing a second key to be 
used to decode the enciphered first key re- 
ceived by said second reception means. 5 

6. A digital contents processing apparatus which proc- 
esses digital contents and meta information related 
to editing of the digital contents, comprising: 

10 

reception means for receiving the meta infor- 
mation; 

reliability determining means for determining 
reliability of the meta information on the basis 
of a certificate used to verify a signature on the is 
meta information received by said reception 
means; and 

control means for controlling editing of the dig- 
ital contents based on the meta information in 
accordance with the reliability determined by 20 
said reliability determining means. 



esses digital contents and meta information related 
to the digital contents, comprising: 

the step of receiving the enciphered meta infor- 
mation; 

the step of decoding the received enciphered 
meta information by using a key; 
the step of determining reliability of the meta 
information on the basis of the used key; and 
the step of controlling editing of the digital con- 
tents based on the meta information in accord- 
ance with the determined reliability. 

10. A computer-readable storage medium which 
records a program for causing a computer to exe- 
cute the steps defined in claim 9. 

11. A program for causing a computer to execute the 
steps defined in claim 9. 



7. A digital contents processing system including first 
and second information processing apparatuses 
which process meta information related to editing 25 
of digital contents, 

said first information processing apparatus 
comprising: 

enciphering means for enciphering the meta in- 30 
formation with a first key; and 
transmission means for transmitting the meta 
information enciphered by said enciphering 
means to said second information processing 
apparatus, and 35 
said second information processing apparatus 
comprising: 

decoding means for decoding the enci- 
phered meta information transmitted by 40 
said transmission means by using a sec- 
ond key; 

reliability determining means for determin- 
ing reliability of the meta information on the 
basis of the second key used by said de- 45 
coding means; and 

control means for controlling editing of the 
digital contents based on the meta informa- 
tion in accordance with the reliability deter- 
mined by said reliability determining so 
means. 



8. A system according to claim 7, further comprising a 
third information processing apparatus including 
transmission means for transmitting the digital con- 55 
tents to said second information processing means. 

9. A digital contents processing method which proc- 
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FIG. 4 
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FIG. 7 



CLASS INFORMATION 



0 CLASS IN THAT VIEW CONTROL OF PROGRAM 
INFORMATION IS FULLY ALLOWED 

□ CLASS IN THAT VIEW OF PROGRAM INFORMATION 
IS RESTRICTED 

□ CLASS IN THAT VIEW OF PROGRAM INFORMATION 
DIGEST IS ALLOWED 
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